Fixed #24466 -- Added JavaScript escaping in a couple places in the admin.

Thanks Aymeric Augustin and Florian Apolloner for work on the patch.
2025-10-24 22:26:08 +00:00 · 2015-03-06 12:45:53 -05:00
parent b86abbceb9
commit 845817b039
9 changed files with 77 additions and 26 deletions
--- a/tests/admin_inlines/tests.py
+++ b/tests/admin_inlines/tests.py
@@ -78,7 +78,7 @@ class TestInline(TestDataMixin, TestCase):
        # The heading for the m2m inline block uses the right text
        self.assertContains(response, '<h2>Author-book relationships</h2>')
        # The "add another" label is correct
-        self.assertContains(response, 'Add another Author-book relationship')
+        self.assertContains(response, 'Add another Author\\u002Dbook relationship')
        # The '+' is dropped from the autogenerated form prefix (Author_books+)
        self.assertContains(response, 'id="id_Author_books-TOTAL_FORMS"')

@@ -524,7 +524,7 @@ class TestInlinePermissions(TestCase):
        response = self.client.get(reverse('admin:admin_inlines_author_add'))
        # No change permission on books, so no inline
        self.assertNotContains(response, '<h2>Author-book relationships</h2>')
-        self.assertNotContains(response, 'Add another Author-Book Relationship')
+        self.assertNotContains(response, 'Add another Author\\u002DBook Relationship')
        self.assertNotContains(response, 'id="id_Author_books-TOTAL_FORMS"')

    def test_inline_add_fk_noperm(self):
@@ -538,7 +538,7 @@ class TestInlinePermissions(TestCase):
        response = self.client.get(self.author_change_url)
        # No change permission on books, so no inline
        self.assertNotContains(response, '<h2>Author-book relationships</h2>')
-        self.assertNotContains(response, 'Add another Author-Book Relationship')
+        self.assertNotContains(response, 'Add another Author\\u002DBook Relationship')
        self.assertNotContains(response, 'id="id_Author_books-TOTAL_FORMS"')

    def test_inline_change_fk_noperm(self):
@@ -554,7 +554,7 @@ class TestInlinePermissions(TestCase):
        response = self.client.get(reverse('admin:admin_inlines_author_add'))
        # No change permission on Books, so no inline
        self.assertNotContains(response, '<h2>Author-book relationships</h2>')
-        self.assertNotContains(response, 'Add another Author-Book Relationship')
+        self.assertNotContains(response, 'Add another Author\\u002DBook Relationship')
        self.assertNotContains(response, 'id="id_Author_books-TOTAL_FORMS"')

    def test_inline_add_fk_add_perm(self):
@@ -573,7 +573,7 @@ class TestInlinePermissions(TestCase):
        response = self.client.get(self.author_change_url)
        # No change permission on books, so no inline
        self.assertNotContains(response, '<h2>Author-book relationships</h2>')
-        self.assertNotContains(response, 'Add another Author-Book Relationship')
+        self.assertNotContains(response, 'Add another Author\\u002DBook Relationship')
        self.assertNotContains(response, 'id="id_Author_books-TOTAL_FORMS"')
        self.assertNotContains(response, 'id="id_Author_books-0-DELETE"')

@@ -583,7 +583,7 @@ class TestInlinePermissions(TestCase):
        response = self.client.get(self.author_change_url)
        # We have change perm on books, so we can add/change/delete inlines
        self.assertContains(response, '<h2>Author-book relationships</h2>')
-        self.assertContains(response, 'Add another Author-book relationship')
+        self.assertContains(response, 'Add another Author\\u002Dbook relationship')
        self.assertContains(response, '<input type="hidden" id="id_Author_books-TOTAL_FORMS" '
                            'value="4" name="Author_books-TOTAL_FORMS" />', html=True)
        self.assertContains(response, '<input type="hidden" id="id_Author_books-0-id" '